CVS commit: pkgsrc/lang

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/lang
From: "Takahiro Kambe" <taca%netbsd.org@localhost>
Date: Sun, 6 Sep 2015 12:27:43 +0000

Module Name:    pkgsrc
Committed By:   taca
Date:           Sun Sep  6 12:27:43 UTC 2015

Modified Files:
        pkgsrc/lang/php: phpversion.mk
        pkgsrc/lang/php56: distinfo

Log Message:
Update php55 to 5.6.13 including security fixes.

03 Sep 2015, PHP 5.6.13

- Core:
  . Fixed bug #69900 (Too long timeout on pipes). (Anatol)
  . Fixed bug #69487 (SAPI may truncate POST data). (cmb)
  . Fixed bug #70198 (Checking liveness does not work as expected).
    (Shafreeck Sea, Anatol Belski)
  . Fixed bug #70172 (Use After Free Vulnerability in unserialize()). (Stas)
  . Fixed bug #70219 (Use after free vulnerability in session deserializer).
    (taoguangchen at icloud dot com)

- CLI server:
  . Fixed bug #66606 (Sets HTTP_CONTENT_TYPE but not CONTENT_TYPE).
    (wusuopu, cmb)
  . Fixed bug #70264 (CLI server directory traversal). (cmb)

- Date:
  . Fixed bug #70266 (DateInterval::__construct.interval_spec is not supposed to
    be optional). (cmb)
  . Fixed bug #70277 (new DateTimeZone($foo) is ignoring text after null byte).
    (cmb)

- EXIF:
  . Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte
    value of 32 bytes). (Stas)

- hash:
  . Fixed bug #70312 (HAVAL gives wrong hashes in specific cases). (letsgolee
    at naver dot com)

- MCrypt:
  . Fixed bug #69833 (mcrypt fd caching not working). (Anatol)

- Opcache:
  . Fixed bug #70237 (Empty while and do-while segmentation fault with opcode
    on CLI enabled). (Dmitry, Laruence)

- PCRE:
  . Fixed bug #70232 (Incorrect bump-along behavior with \K and empty string
    match). (cmb)
  . Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions).
    (Anatol Belski)

- SOAP:
  . Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE).
    (Stas)

- SPL:
  . Fixed bug #70290 (Null pointer deref (segfault) in spl_autoload via
    ob_start). (hugh at allthethings dot co dot nz)
  . Fixed bug #70303 (Incorrect constructor reflection for ArrayObject). (cmb)
  . Fixed bug #70365 (Use-after-free vulnerability in unserialize() with
    SplObjectStorage). (taoguangchen at icloud dot com)
  . Fixed bug #70366 (Use-after-free vulnerability in unserialize() with
    SplDoublyLinkedList). (taoguangchen at icloud dot com)

- Standard:
  . Fixed bug #70052 (getimagesize() fails for very large and very small WBMP).
    (cmb)
  . Fixed bug #70157 (parse_ini_string() segmentation fault with
    INI_SCANNER_TYPED). (Tjerk)

- XSLT:
  . Fixed bug #69782 (NULL pointer dereference). (Stas)

- ZIP:
  . Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when
    creating directories). (neal at fb dot com)


To generate a diff of this commit:
cvs rdiff -u -r1.110 -r1.111 pkgsrc/lang/php/phpversion.mk
cvs rdiff -u -r1.14 -r1.15 pkgsrc/lang/php56/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: pkgsrc/lang
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/lang
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index